I did a 'yum update' to pick up the latest stuff from the development and Arjan's tree. I worked around the rpm conflicts from early stuff in the development tree.
The kernel update (421) still fails under strict/enforcing mode. The context labels now appear to be in the rpm file, but I'm getting similar messages: ...... lots and lots of WARNING messages like: WARNING: Couldn't stat /lib/modules/2.6.6-1.421/build/include/asm-i386/ptrace.h: Permission denied WARNING: Couldn't stat /lib/modules/2.6.6-1.421/build/include/asm-i386/bug.h: Permission denied WARNING: Couldn't stat /lib/modules/2.6.6-1.421/build/include/asm-i386/serial.h: Permission denied WARNING: Couldn't stat /lib/modules/2.6.6-1.421/build/mm/Makefile: Permission denied FATAL: Could not open /lib/modules/2.6.6-1.421/modules.dep.temp for writing: Permission denied /bin/bash: /root/.bashrc: Permission denied No dep file found for kernel 2.6.6-1.421 mkinitrd failed
My previous workaround (do 'setenforce 0; yum ....' followed by a relabel) did not work this time. The mkinitrd now fails even under permissive mode: [root@dell selinux]# setenforce 0 [root@dell selinux]# yum install kernel Gathering header information file(s) from server(s) Server: Test Linux 2.6-test prerelease kernels Server: Fedora Core 2 - i386 - Base Server: Fedora Core 2 - Development Tree Server: Fedora Core 2 - i386 - Released Updates Finding updated packages Downloading needed headers Resolving dependencies Dependencies resolved I will do the following: [install: kernel 2.6.6-1.421.i686] Is this ok [y/N]: y Downloading Packages Running test transaction: Test transaction complete, Success! kernel 100 % done 1/1 memlock: Cannot allocate memory Couldn't lock into memory, exiting. mkinitrd failed
Since the latest kernel's seemed to have auditing off, I can't locate anything interesting in /var/log/messages. (Looks like CONFIG_AUDIT is set to y in 421.)
Since the label now appear correct in the rpm file, could this be something in the policy/context files? Any ideas?
The install of the 1.13.3-2 policy packages seemed to work OK. It left my /etc/selinux/config file untouched. (I guess I should have removed it prior to install.....sorry).
tom
On Fri, 2004-06-04 at 14:06, Tom London wrote:
My previous workaround (do 'setenforce 0; yum ....' followed by a relabel) did not work this time. The mkinitrd now fails even under permissive mode: kernel 100 % done 1/1 memlock: Cannot allocate memory Couldn't lock into memory, exiting. mkinitrd failed
Also reported on fedora-devel-list; I don't think it is SELinux-related. 'ulimit -l unlimited' to workaround until a new kernel is available.
selinux@lists.fedoraproject.org